From: Wei Liu Date: Fri, 20 Jan 2017 11:57:58 +0000 (+0000) Subject: tools/fuzz: add AFL stub program for libefl fuzzer X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2908 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=a304574abe976d0353c179a8150a3e2b7f5bca17;p=xen.git tools/fuzz: add AFL stub program for libefl fuzzer And hook it up into build system. Signed-off-by: Wei Liu Acked-by: Ian Jackson
---
diff --git a/.gitignore b/.gitignore
index b50f7ea5d3..8810c6975a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -146,6 +146,7 @@ tools/flask/utils/flask-loadpolicy
 tools/flask/utils/flask-setenforce
 tools/flask/utils/flask-set-bool
 tools/flask/utils/flask-label-pci
+tools/fuzz/libelf/afl-libelf-fuzzer
 tools/fuzz/x86_instruction_emulator/x86_emulate*
 tools/fuzz/x86_instruction_emulator/afl-x86-insn-emulator-fuzzer
 tools/helpers/_paths.h
diff --git a/tools/fuzz/libelf/Makefile b/tools/fuzz/libelf/Makefile
index c73ce44e87..3313601caa 100644
--- a/tools/fuzz/libelf/Makefile
+++ b/tools/fuzz/libelf/Makefile
@@ -19,6 +19,8 @@ libelf.a: $(ELF_LIB_OBJS)
 .PHONY: libelf-fuzzer-all
 libelf-fuzzer-all: libelf.a libelf-fuzzer.o
+afl-libelf-fuzzer: afl-libelf-fuzzer.o libelf-fuzzer.o $(ELF_LIB_OBJS)
+
 # Common targets
 .PHONY: all
 all: libelf-fuzzer-all
@@ -28,7 +30,10 @@ distclean: clean
 .PHONY: clean
 clean:
- rm -f *.o *.a
+ rm -f *.o *.a *-libelf-fuzzer
 .PHONY: install
 install: all
+
+.PHONY: afl
+afl: afl-libelf-fuzzer
diff --git a/tools/fuzz/libelf/afl-libelf-fuzzer.c b/tools/fuzz/libelf/afl-libelf-fuzzer.c
new file mode 100644
index 0000000000..b5668c11e7
--- /dev/null
+++ b/tools/fuzz/libelf/afl-libelf-fuzzer.c
@@ -0,0 +1,57 @@
+#include
+#include
+#include
+#include
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t size);
+
+#define INPUT_SIZE 4096
+static uint8_t input[INPUT_SIZE];
+
+int main(int argc, char **argv)
+{
+ size_t size;
+ FILE *fp;
+
+ if ( argc != 2 )
+ {
+ printf("Expecting only one argument\n");
+ exit(-1);
+ }
+
+ fp = fopen(argv[1], "rb");
+ if ( fp == NULL )
+ {
+ perror("fopen");
+ exit(-1);
+ }
+
+ size = fread(input, 1, INPUT_SIZE, fp);
+
+ if ( ferror(fp) )
+ {
+ perror("fread");
+ exit(-1);
+ }
+
+ if ( !feof(fp) )
+ {
+ printf("Input too large\n");
+ exit(-1);
+ }
+
+ fclose(fp);
+
+ LLVMFuzzerTestOneInput(input, size);
+
+ return 0;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
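Review bot: Handing the 4096-byte static `input` array to `LLVMFuzzerTestOneInput(input, size)` means a parser read past `size` but still inside the array lands in valid, zero-filled memory, so neither a crash nor a sanitizer build would report the over-read this harness is meant to surface. Copying the data into a heap buffer of exactly `size` bytes before the call, as sketched below, makes such reads detectable when the fuzzer is built with AddressSanitizer. Separately, a file of exactly INPUT_SIZE bytes typically fills the buffer without setting the end-of-file indicator, so the `!feof(fp)` test reports "Input too large" for an input that fits; probing for one further byte avoids that. The header names are missing from the `#include` lines as shown on this page, so confirm `<string.h>` is among them if `memcpy` is used.

```c
    size_t size;
    FILE *fp;
    uint8_t *buf;

    /* … unchanged: argument check, fopen, fread into input, ferror check … */

    /* Exactly INPUT_SIZE bytes is acceptable; reject only if more data follows. */
    if ( size == INPUT_SIZE && fgetc(fp) != EOF )
    {
        printf("Input too large\n");
        exit(-1);
    }

    fclose(fp);

    /* Exact-size heap copy so a sanitizer can flag reads past the input. */
    buf = malloc(size ? size : 1);
    if ( buf == NULL )
    {
        perror("malloc");
        exit(-1);
    }
    memcpy(buf, input, size);

    LLVMFuzzerTestOneInput(buf, size);
    free(buf);
```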